Origins that your application allows. In example above we have specified *, it means it will
allow requests from all origins. You can give comma separated values to allow, access from your domains
only.

You can set CORS using spring boot default configurations, as shown below.

# ENDPOINTS CORS CONFIGURATION (EndpointCorsProperties)endpoints.cors.allow-credentials=# Set whether credentials are supported. When not set, credentials are not supported.endpoints.cors.allowed-headers=# Comma-separated list of headers to allow in a request. '*' allows all headers.endpoints.cors.allowed-methods=GET # Comma-separated list of methods to allow. '*' allows all methods.endpoints.cors.allowed-origins=# Comma-separated list of origins to allow. '*' allows all origins. When not set, CORS support is disabled.endpoints.cors.exposed-headers=# Comma-separated list of headers to include in a response.endpoints.cors.max-age=1800 # How long, in seconds, the response from a pre-flight request can be cached by clients.

You can use custom Filter to set CORS , Full example, how to use CorsFilter is shown below.